Iran and the Soft War for Internet Dominance Claudio Guarnieri & Collin Anderson1 Black Hat USA, August 2016 Table of Contents Introduction Campaigns and Actors Infy Cleaver (Ghambar) Rocket Kitten Sima End Note Acknowledgements Appendix Summary Over the past decade, the Islamic Republic of Iran has been targeted by continual intrusion campaigns from foreign actors that sought access to the country's nuclear facilities, economic infrastructure, military apparatus, and governmental institutions for the purpose of espionage and coercive diplomacy. Concomitantly, since the propagandic defacements of international communications platforms and political dissident sites conducted by an organization describing itself as the "Iranian Cyber Army" beginning in late 2009, Iranian actors have been attributed in campaigns of intrusions and disruptions of private companies, foreign government entities, domestic opposition, regional adversaries and international critics. While Iran maintains strong technical universities2 and an extraordinarily active defacement community,3 the country has not invested in its capacity for Internetbased espionage to the same degree as its traditional geopolitical rivals, and is less able to seek capabilities abroad from 1 Contact: Claudio (
[email protected], PGP: 7359 D880) and Collin (
[email protected], PGP: FAFB F2FA) 2 Sharif University of Technology for example is an internationally recognized engineering school. https://www.timeshighereducation.com/worlduniversityrankings/sharifuniversityoftechnology 3 Ashiyane Digital Security Team and other defacement groups have commonly held positions in the leaderboard of ZoneH and are attributed with thousands of defacements. http://www.zoneh.org/stats/notifierspecial Iran and the Soft War for Internet Dominance Guarnieri & Anderson companies such as Hacking Team or Finfisher due to its pariah status.